Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Common vulnerabilities and exposures in containers: What to know

Quentin Machu (CoreOS)
13:15–13:55 Thursday, 10 November, 2016
Tech, tools, and processes
Location: G103 Level: Beginner
Average rating: ****.
(4.33, 3 ratings)

What you'll learn

  • Explore Clair, an open source tool to monitor the security of containers, and learn how it is designed to help you identify insecure packages that may exist in your containers


Docker layers can be fast for developers but also vulnerable if not audited for production. Wouldn’t it be great to improve continuous integration with continuous vulnerability detection?

Clair, an open source tool to monitor the security of containers, is an API-driven analysis engine that inspects containers layer by layer for known security flaws. Quentin Machu offers an overview of Clair and explores a real-life example to demonstrate how Clair is able to automatically detect known vulnerabilities in Docker and rkt containers before they get exploited, using graph database queries to track package changes.

Join Quentin to get started using Clair and learn to easily build services that provide continuous monitoring for container vulnerabilities.

Photo of Quentin Machu

Quentin Machu


Quentin Machu is an engineer on the Quay team at CoreOS and a maintainer of the Clair open source project, which scans containers for vulnerabilities. He is passionate about software engineering and distributed systems. Quentin completed an award-winning OpenStack project as part of his master’s in computer engineering.